Welcome Guest ( Log In | Register )

Bump Topic Topic Closed RSS Feed

Outline · [ Standard ] · Linear+

Unifi WARNING TO ALL UNIFI USERS, Threat warning, read inside

views
     
andrew9292
post May 30 2010, 12:29 AM

-/Livin' On A Prayer/-
*****
Senior Member
954 posts

Joined: Sep 2008
From: Petaling Jaya


QUOTE
13.1 The Customer shall:-
not use the Service for any unlawful purpose including without limitation for any criminal purposes;
not use the Service to send unsolicited electronic messages or any message which is obscene, threatening or offensive on moral, religious, racial or political grounds to any person including a company or a corporation;
not compromise or infect any systems with computer viruses or otherwise;
not infringe any intellectual property rights of TM, its related companies and subsidiaries or any third party;
not gain unauthorised access to any computer system connected to the Internet or any information regarded as private by any person including a company or corporation;
not share the Service with any person including a company or corporation without the prior written approval of TM and shall use the Service only for the purpose for which it is subscribed;
not resell or sublet the Service to any third parties without prior written consent from TM; and,
not use the Service in any manner, which in the opinion of TM may adversely affect the use of the Service by other Customers or efficiency or security as a whole.


Probably why they put that up ;p

Okay, good job for TS as he found out this major security risk considering the number of IT grads and professionals these days are out there...
But posting this here is actually publicity to this loophole.

Only those who came to LYN would find out about this and if they are tech savvy enough, they will know how to get around it to minimize the exposure risk as much as possible.

But again, if someone with unholy intention stumbles upon this, it could mean disaster for those unaware and incapable to prevent it...

I would like to ask TS, now that you have found out and posted it to public, what is your next step? Will you report to relevant authorities?
Otherwise the purpose of this thread will be:

1. Publicize a major loophole in UniFi
2. Giving knowledgeable users the chance to avoid the risk, a really small amount of people in LYN.
3. Exposing a mass mount of UniFi-ers to exploits...

So, just be aware of that. I'm no IT expert with any qualification btw. TS, u're doing the right thing, salute! but there is still a loophole in what you are doing tongue.gif haha

This post has been edited by andrew9292: May 30 2010, 12:30 AM

Topic ClosedOptions
 

Change to:
| Lo-Fi Version
0.0254sec    0.60    7 queries    GZIP Disabled
Time is now: 29th March 2024 - 09:45 PM